Eclipse Steady

Eclipse Steady - Analysis Report

Generated:
  at: 22.03.2023 09:04 +0800
  with: 3.2.4

Target:
  Workspace: EEA3ABE2DF5E9207AE69D54E0763122B
  Group: com.vonzhou.learning
  Artifact: SpringInAction
  Version: 0.0.1

Aggregated projects (29)

Analysis Result: Success


No vulnerabilities, thus, no build exception is thrown.

The findings presented below represent archives containing code that is subject to a specific vulnerability. Expand to see the vulnerability description and the CVSS score (if any). While the first table column indicates that vulnerable code is contained, the other two columns show whether that vulnerable code is reachable according to the static and dynamic analyses (if performed using the respective analysis goals). Hover over the table cells to see the full identifier (GAV) of the affected application project as well as details about the respective dependency.

Used Configuration Settings

exceptionThreshold: noException
Specifies if and when the plugin will throw a build exception.

Possible values (default: dependsOn):
  • noException - no build exception will be thrown, regardless of the analysis results
  • dependsOn - an exception will be thrown if at least one application project depends on an archive with known vulnerabilities (typically by declaring a dependency in the POM file)
  • potentiallyExecutes - an exception will be thrown if at least one application project can potentially execute vulnerable code (according to static source code analysis).
  • actuallyExecutes - an exception will be thrown if at least one application project actually executes vulnerable code during application tests.


Exempted scopes: TEST, PROVIDED
List of scopes that will be ignored (exempted) when deciding whether to throw a build exception.

Example: vulas.report.exemptScope = test, provided
Possible values: compile, provided, runtime, test, system
Default: [test, provided]


Exempted bugs:
List of security vulnerabilities that will be ignored (exempted) when deciding whether to throw a build exception.

Example: vulas.report.exemptBug.CVE-2014-0050.reason = Lorem ipsum
Default: none

Vulnerabilities (0)

Exempted Vulnerabilities (117)

activemq-all-5.13.2.jar

affected by

CVE-2011-4461

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 5.3 (v3.0)

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2013-1879

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 4.3 (v2.0)

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2013-6429

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2014-0002

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.5 (v2.0)

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2014-3576

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.5 (v3.0)

The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2014-3600

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.0)

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2014-3612

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.5 (v2.0)

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2015-0201

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 5.0 (v2.0)

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2015-5254

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.0)

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2015-5344

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.0)

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2015-6524

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 5.0 (v2.0)

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2015-7559

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 4.9 (v3.0)

It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2016-3088

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.0)

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2016-8749

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.0)

Apache Camel's Jackson and JacksonXML unmarshalling operations are vulnerable to Remote Code Execution attacks.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2017-15709

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 3.7 (v3.0)

When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2018-11775

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.4 (v3.0)

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2018-1270

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2018-1272

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.5 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2018-1275

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2018-8027

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.0)

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2019-0194

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.5 (v3.0)

Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2020-11971

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 7.5 (v3.1)

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2020-11998

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.1)

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2020-13920

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 5.9 (v3.1)

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and binds that, he effectively becomes a man in the middle and is able to intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

activemq-all-5.13.2.jar

affected by

CVE-2022-22965

Archive Digest: 4FFB351E96A0D8420B84A2CE260EF73498EBB45B
CVSS Score: 9.8 (v3.1)

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

  1. messaging
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
    Includes vulnerable code: Unknown
    Potentially executes vulnerable code: Not reachable
    Executes vulnerable code: Unknown

commons-beanutils-1.8.0.jar

affected by

CVE-2014-0114

Archive Digest: 0C651D5103C649C12B20D53731643E5FFFCEB536
CVSS Score: 7.5 (v2.0)

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.

  1. spring-interceptor
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  2. spitter-web-rest
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  3. spitter-remoting-httpinvoker
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  4. spitter-web
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  5. spitter-web-aop2
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  6. spring-project-empty
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  7. spitter-web-aop
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown
  8. spitter-web-security
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
    Includes vulnerable code: Vulnerable
    Potentially executes vulnerable code: Unknown
    Executes vulnerable code: Unknown

commons-beanutils-1.8.0.jar

affected by

CVE-2019-10086

Archive Digest: 0C651D5103C649C12B20D53731643E5FFFCEB536
CVSS Score: 7.3 (v3.1)

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the PropertyUtilsBean.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-interceptor Vulnerable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-web-rest Vulnerable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-web Vulnerable
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-httpinvoker Vulnerable
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-aop2 Vulnerable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  6. spring-project-empty Vulnerable
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-security Vulnerable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-aop Vulnerable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true

commons-io-2.4.jar

affected by

CVE-2021-29425

Archive Digest: B1B6EA3B7E4AA4F492509A4952029CD8E48019AD
CVSS Score: 4.8 (v3.1)

In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

guava-12.0.1.jar

affected by

CVE-2018-10237

Archive Digest: B8E78B9AF7BF45900E14C6F958486B6CA682195F
CVSS Score: 5.9 (v3.1)

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

httpclient-4.5.2.jar

affected by

CVE-2013-4366

Archive Digest: 733DB77AA8D9B2D68015189DF76AB06304406E50
CVSS Score: 9.8 (v3.1)

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2017-17485

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 9.8 (v3.1)

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2017-7525

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 9.8 (v3.1)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2018-11307

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 9.8 (v3.1)

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2018-12022

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 7.5 (v3.0)

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2018-12023

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 7.5 (v3.0)

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2018-5968

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 8.1 (v3.1)

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2018-7489

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 9.8 (v3.0)

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2019-14540

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 9.8 (v3.1)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2019-16335

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 9.8 (v3.1)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.7.3.jar

affected by

CVE-2020-36518

Archive Digest: F12E6CD05CBAECD74D16E685D45B627732939E42
CVSS Score: 7.5 (v3.1)

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2017-17485

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 9.8 (v3.1)

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2017-7525

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 9.8 (v3.1)

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2018-11307

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 9.8 (v3.1)

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2018-12022

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 7.5 (v3.0)

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2018-12023

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 7.5 (v3.0)

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2018-5968

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 8.1 (v3.1)

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2018-7489

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 9.8 (v3.0)

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2019-14540

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 9.8 (v3.1)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2019-16335

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 9.8 (v3.1)

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

jackson-databind-2.8.0.jar

affected by

CVE-2020-36518

Archive Digest: 095505AFD940FEDB0D674A83583AE65A9C25EC9F
CVSS Score: 7.5 (v3.1)

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

mysql-connector-java-5.1.34.jar

affected by

CVE-2017-3523

Archive Digest: 46DEBA4ADBDB4967367B013CBC67B7F7373DA60A
CVSS Score: 8.5 (v3.0)

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H).

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

mysql-connector-java-5.1.34.jar

affected by

CVE-2017-3586

Archive Digest: 46DEBA4ADBDB4967367B013CBC67B7F7373DA60A
CVSS Score: 6.4 (v3.0)

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N).

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code

Includes vulnerable code:
  1. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-beans-3.0.2.RELEASE.jar

affected by

CVE-2022-22965

Archive Digest: EBE47F93AB4AE00ED284AB1C6111B39448727ED6
CVSS Score: 9.8 (v3.1)

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code

Includes vulnerable code:
  1. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

Potentially executes vulnerable code:
  1. springidol Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aop Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-aspectj Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

Executes vulnerable code:
  1. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-beans-3.0.5.RELEASE.jar

affected by

CVE-2022-22965

Archive Digest: 4B352A9C3B427294E264CA4D460D07417CA9350E
CVSS Score: 9.8 (v3.1)

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code

Includes vulnerable code:
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-beans-3.2.3.RELEASE.jar

affected by

CVE-2022-22965

Archive Digest: A48EB92EF51E0AED7D23DCAA54225B8F24808DB4
CVSS Score: 9.8 (v3.1)

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code

Includes vulnerable code:
  1. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

Potentially executes vulnerable code:
  1. spitter-persistence-jdbc-template Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-mybatis Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-jdbc-conventional Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. knights Reachable
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

Executes vulnerable code:
  1. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-beans-4.2.5.RELEASE.jar

affected by

CVE-2022-22965

Archive Digest: FA992AE40F6FC47117282164E0433B71DA385E94
CVSS Score: 9.8 (v3.1)

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code

Includes vulnerable code:
  1. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

Potentially executes vulnerable code:
  1. spitter-remoting-rmi Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. messaging Reachable
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-hibernate-contextual-session Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-persistence-jpa Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-persistence-programmactic-tx Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-remoting-client Reachable
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. SpringPizza Not reachable
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-service-declarative-tx Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. hello-hessian-spring-client Reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-core-3.0.2.RELEASE.jar

affected by

CVE-2013-6429

Archive Digest: 3D81822D0759A190CB6E11D80C2C020A9775206B
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol-aop Not reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol Not reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Not reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-core-3.0.2.RELEASE.jar

affected by

CVE-2018-1272

Archive Digest: 3D81822D0759A190CB6E11D80C2C020A9775206B
CVSS Score: 7.5 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol-aop Not reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol Not reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Not reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-core-3.0.5.RELEASE.jar

affected by

CVE-2013-6429

Archive Digest: 1633E94943D57746EF76910489F1CD71FE667E04
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-core-3.0.5.RELEASE.jar

affected by

CVE-2018-1272

Archive Digest: 1633E94943D57746EF76910489F1CD71FE667E04
CVSS Score: 7.5 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-core-3.2.3.RELEASE.jar

affected by

CVE-2013-6429

Archive Digest: ACCDD65DB57E79E49F2AF037BB76F5A55A580F00
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. knights Not reachable
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-core-3.2.3.RELEASE.jar

affected by

CVE-2018-1272

Archive Digest: ACCDD65DB57E79E49F2AF037BB76F5A55A580F00
CVSS Score: 7.5 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. knights Not reachable
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-core-4.2.5.RELEASE.jar

affected by

CVE-2013-6429

Archive Digest: 0251207B29F0F38F61E3495A2F7FB053CF1BFE8C
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring Not reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-programmactic-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-client Not reachable
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Not reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-persistence-jpa Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-service-declarative-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. SpringPizza Not reachable
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-remoting-rmi Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-persistence-hibernate-contextual-session Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-core-4.2.5.RELEASE.jar

affected by

CVE-2015-0201

Archive Digest: 0251207B29F0F38F61E3495A2F7FB053CF1BFE8C
CVSS Score: 5.0 (v2.0)

The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.

Includes vulnerable code | Potentially executes vulnerable code | Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Not reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-client Not reachable
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-persistence-programmactic-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-persistence-jpa Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Not reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-persistence-hibernate-contextual-session Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-remoting-rmi Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-service-declarative-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. SpringPizza Not reachable
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  16. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  18. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-core-4.2.5.RELEASE.jar

affected by

CVE-2018-1272

Archive Digest: 0251207B29F0F38F61E3495A2F7FB053CF1BFE8C
CVSS Score: 7.5 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When a Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  13. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-rmi Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Not reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. SpringPizza Not reachable
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-service-declarative-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-persistence-hibernate-contextual-session Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  13. hello-hessian-spring Not reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-persistence-jpa Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-remoting-httpinvoker Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-persistence-programmactic-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. spitter-remoting-client Not reachable
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  13. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  14. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  16. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  17. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-expression-3.0.2.RELEASE.jar

affected by

CVE-2018-1270

Archive Digest: E5930B547B42CF8C49099D2013B3278BD8B46826
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aop Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-expression-3.0.2.RELEASE.jar

affected by

CVE-2018-1275

Archive Digest: E5930B547B42CF8C49099D2013B3278BD8B46826
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aspectj Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aop Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol Reachable
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. springidol-autodiscovery Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-autodiscovery
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. springidol-aspectj Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aspectj
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. springidol-aop Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol-aop
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. springidol Unknown
    Group: com.vonzhou.springinaction
    Artifact: springidol
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-expression-3.0.5.RELEASE.jar

affected by

CVE-2018-1270

Archive Digest: 5B8E53877CB58C94F15A0D8172DA3569F4B4F3FB
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true

spring-expression-3.0.5.RELEASE.jar

affected by

CVE-2018-1275

Archive Digest: 5B8E53877CB58C94F15A0D8172DA3569F4B4F3FB
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true

spring-expression-3.2.3.RELEASE.jar

affected by

CVE-2018-1270

Archive Digest: 51E4C94A79892C0A2D15C5EFDA8C5B336EBF5C37
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-persistence-mybatis Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-template Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-jdbc-conventional Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. knights Reachable
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-expression-3.2.3.RELEASE.jar

affected by

CVE-2018-1275

Archive Digest: 51E4C94A79892C0A2D15C5EFDA8C5B336EBF5C37
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. knights Reachable
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. knights Unknown
    Group: com.vonzhou.springinaction
    Artifact: knights
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-expression-4.2.5.RELEASE.jar

affected by

CVE-2018-1270

Archive Digest: A42BDFB833D0BE6C18429AEA3FB0FBA81F85C6E8
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  16. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. messaging Reachable
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. hello-hessian-spring Reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-hibernate-contextual-session Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-remoting-rmi Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-persistence-jpa Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-remoting-client Reachable
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. spitter-persistence-programmactic-tx Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-service-declarative-tx Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  16. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. hello-hessian-spring-client Reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  4. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  16. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-expression-4.2.5.RELEASE.jar

affected by

CVE-2018-1275

Archive Digest: A42BDFB833D0BE6C18429AEA3FB0FBA81F85C6E8
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  16. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jpa Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. hello-hessian-spring-client Reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-service-declarative-tx Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-remoting-rmi Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spitter-persistence-programmactic-tx Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-persistence-hibernate-contextual-session Reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-remoting-client Reachable
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  16. messaging Reachable
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. hello-hessian-spring Reachable
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  7. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  13. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  15. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true
  16. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  17. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  18. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: true

spring-messaging-4.2.5.RELEASE.jar

affected by

CVE-2018-1257

Archive Digest: 604103815489605ED609A742A6BBC708AE3DB12C
CVSS Score: 6.5 (v3.1)

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-messaging-4.2.5.RELEASE.jar

affected by

CVE-2018-1270

Archive Digest: 604103815489605ED609A742A6BBC708AE3DB12C
CVSS Score: 9.8 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-security-core-4.0.4.RELEASE.jar

affected by

CVE-2019-11272

Archive Digest: 67E6ECCC73A9887A7CA262C7CAC20F9B36CE5A5D
CVSS Score: 7.3 (v3.1)

Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-security-core-4.0.4.RELEASE.jar

affected by

CVE-2019-3795

Archive Digest: 67E6ECCC73A9887A7CA262C7CAC20F9B36CE5A5D
CVSS Score: 5.3 (v3.1)

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-security-core-4.0.4.RELEASE.jar

affected by

CVE-2020-5408

Archive Digest: 67E6ECCC73A9887A7CA262C7CAC20F9B36CE5A5D
CVSS Score: 6.5 (v3.1)

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-security-web-4.0.4.RELEASE.jar

affected by

CVE-2016-9879

Archive Digest: C52E77D38A48B33F955AB25156F15E564C9B616F
CVSS Score: 7.5 (v3.0)

An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x before 4.1.4, and 4.2.x before 4.2.1. Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded "/" to a request, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. The unexpected presence of path parameters can cause a constraint to be bypassed. Users of Apache Tomcat (all current versions) are not affected by this vulnerability since Tomcat follows the guidance previously provided by the Servlet Expert group and strips path parameters from the value returned by getContextPath(), getServletPath(), and getPathInfo(). Users of other Servlet containers based on Apache Tomcat may or may not be affected depending on whether or not the handling of path parameters has been modified. Users of IBM WebSphere Application Server 8.5.x are known to be affected. Users of other containers that implement the Servlet specification may be affected.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-test-3.2.3.RELEASE.jar

affected by

CVE-2020-5421

Archive Digest: B431CC81467F229346D23EA6D3F7A17558B1E368
CVSS Score: 6.5 (v3.1)

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-test-4.2.5.RELEASE.jar

affected by

CVE-2020-5421

Archive Digest: 60BD0AC25869D515717284B77644D0416D3A38C5
CVSS Score: 6.5 (v3.1)

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-tx-3.0.5.RELEASE.jar

affected by

CVE-2014-1904

Archive Digest: 91EB9BD9BAA61A62590A8093667107CB2C7C8184
CVSS Score: 4.3 (v2.0)

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-tx-3.2.3.RELEASE.jar

affected by

CVE-2014-1904

Archive Digest: 40D76C7B27769A3235547BD329D20878DF343B19
CVSS Score: 4.3 (v2.0)

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-mybatis Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-jdbc-template Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-persistence-jdbc-conventional Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-conventional
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-persistence-mybatis Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-mybatis
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. spitter-persistence-jdbc-template Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jdbc-template
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-tx-4.2.5.RELEASE.jar

affected by

CVE-2014-1904

Archive Digest: 7395321FE937272D9B781A13985E04AB2DCD6210
CVSS Score: 4.3 (v2.0)

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  16. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-persistence-programmactic-tx Not reachable
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. messaging Not reachable
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  16. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  1. spitter-service-declarative-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-service-declarative-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-persistence-hibernate-contextual-session Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-hibernate-contextual-session
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. spitter-remoting-rmi Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-remoting-rmi
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  9. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-persistence-programmactic-tx Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-programmactic-tx
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  13. messaging Unknown
    Group: com.vonzhou.springinaction
    Artifact: messaging
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  14. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  15. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  16. spitter-persistence-jpa Unknown
    Group: com.vonzhou.springinaction3
    Artifact: spitter-persistence-jpa
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2013-6429

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2013-6430

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 5.4 (v3.1)

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2014-0054

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 6.8 (v2.0)

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2014-0225

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 8.8 (v3.0)

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2014-3578

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 5.0 (v2.0)

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2015-3192

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 5.5 (v3.0)

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2018-11039

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 5.9 (v3.1)

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-3.0.5.RELEASE.jar

affected by

CVE-2020-5421

Archive Digest: D5C550739C4C0CB7CA527EF46C9AED72FB215EEE
CVSS Score: 6.5 (v3.1)

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2013-4152

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 6.8 (v2.0)

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2013-6429

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 6.8 (v2.0)

The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar affected by CVE-2013-6430

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 5.4 (v3.1)

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Columns (one list per column, in this order): Includes vulnerable code; Potentially executes vulnerable code; Executes vulnerable code

Includes vulnerable code:
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar affected by CVE-2013-7315

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 6.8 (v2.0)

The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions.

Columns (one list per column, in this order): Includes vulnerable code; Potentially executes vulnerable code; Executes vulnerable code

Includes vulnerable code:
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  6. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar affected by CVE-2014-0054

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 6.8 (v2.0)

The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4152, CVE-2013-7315, and CVE-2013-6429.

Columns (one list per column, in this order): Includes vulnerable code; Potentially executes vulnerable code; Executes vulnerable code

Includes vulnerable code:
  1. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar affected by CVE-2014-0225

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 8.8 (v3.0)

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references in a DTD declaration. This enabled an XXE attack.

Columns (one list per column, in this order): Includes vulnerable code; Potentially executes vulnerable code; Executes vulnerable code

Includes vulnerable code:
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Potentially executes vulnerable code:
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

Executes vulnerable code:
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2014-3578

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 5.0 (v2.0)

Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2015-3192

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 5.5 (v3.0)

Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  5. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2018-11039

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 5.9 (v3.1)

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  3. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2018-15756

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 7.5 (v3.1)

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  10. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2020-5397

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 5.3 (v3.1)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  12. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-web-4.2.5.RELEASE.jar

affected by

CVE-2020-5421

Archive Digest: 49CD2430884B77172AA81E3FC33EF668EA1DAB30
CVSS Score: 6.5 (v3.1)

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-rest Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: true
  2. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-client Unknown
    Group: com.vonzhou.springinaction
    Artifact: spitter-remoting-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  12. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-3.0.5.RELEASE.jar

affected by

CVE-2014-1904

Archive Digest: 8B1C7176EDB4A7E5381FFC5A398A5E2E8ED88909
CVSS Score: 4.3 (v2.0)

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-3.0.5.RELEASE.jar

affected by

CVE-2014-3625

Archive Digest: 8B1C7176EDB4A7E5381FFC5A398A5E2E8ED88909
CVSS Score: 5.0 (v2.0)

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-3.0.5.RELEASE.jar

affected by

CVE-2016-5007

Archive Digest: 8B1C7176EDB4A7E5381FFC5A398A5E2E8ED88909
CVSS Score: 7.5 (v3.0)

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-3.0.5.RELEASE.jar

affected by

CVE-2016-9878

Archive Digest: 8B1C7176EDB4A7E5381FFC5A398A5E2E8ED88909
CVSS Score: 7.5 (v3.0)

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-3.0.5.RELEASE.jar

affected by

CVE-2018-1271

Archive Digest: 8B1C7176EDB4A7E5381FFC5A398A5E2E8ED88909
CVSS Score: 5.9 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-3.0.5.RELEASE.jar

affected by

CVE-2020-5397

Archive Digest: 8B1C7176EDB4A7E5381FFC5A398A5E2E8ED88909
CVSS Score: 5.3 (v3.1)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-aop2 Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop2
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2014-1904

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 4.3 (v2.0)

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2014-3625

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 5.0 (v2.0)

Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2016-5007

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 7.5 (v3.0)

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2016-9878

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 7.5 (v3.0)

An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  2. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2018-1271

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 5.9 (v3.1)

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  3. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2020-5397

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 5.3 (v3.1)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  1. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  5. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  10. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false

spring-webmvc-4.2.5.RELEASE.jar

affected by

CVE-2020-5421

Archive Digest: 0CF463CCE3E4453EB4B9A69DE2DCDFD60C3C57E0
CVSS Score: 6.5 (v3.1)

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.

Includes vulnerable code Potentially executes vulnerable code Executes vulnerable code
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-security Not reachable
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-interceptor Not reachable
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  1. spitter-remoting-httpinvoker Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-remoting-httpinvoker
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  2. SpringPizza Unknown
    Group: com.vonzhou.learning
    Artifact: SpringPizza
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  3. CartApp Unknown
    Group: com.vonzhou.learn
    Artifact: CartApp
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  4. spitter-web Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  5. spitter-web-aop Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-aop
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  6. spitter-web-security Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-security
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  7. hello-hessian-spring-client Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring-client
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  8. spring-interceptor Unknown
    Group: com.vonzhou.learning
    Artifact: spring-interceptor
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false
  9. spitter-web-rest Unknown
    Group: com.vonzhou.spitter
    Artifact: spitter-web-rest
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  10. hello-hessian-spring Unknown
    Group: com.vonzhou.learn
    Artifact: hello-hessian-spring
    Version: 1.0-SNAPSHOT
    Scope: COMPILE
    Transitive dependency: false
  11. spring-project-empty Unknown
    Group: com.vonzhou.learning
    Artifact: spring-project-empty
    Version: 1.0
    Scope: COMPILE
    Transitive dependency: false